Crypto Wars

explain how it is NOT ideal for multiple private keys to correlate to the same public key (collision!) and show ways that Eve can exploit this! Then lead into how Alice and Bob might remedy that situation with larger primes and a better scrambling funciton.

man in the middle attacks => spoofing, rerouting, or crypanalysis of scrambled messages

(2/3) Content Addressing: digital files be easily tampered with... so how do we sign things digitally while preserving all the characteristics that make a signature a signature? Content addressing! (not sure if this is relevant yet as Alice and Bob aren't using software yet, but maybe hint at it here and then have A&B impliment it in part3?) (would it be accurate/relevant to also say that using a compiled language like Rust allows for you to verify the authenticity/security of code before running it, whereas JS and Python run in real time and thus can call weird things on the fly?)

(intro/all) Goals Of Cryptography:

Integrity: The message I send will arrive at its intended destination intact and unchanged.

Authenticity: I can ascertain that the sender and the recipient of the message are the correct ones.

Non-repudiation: An event that has taken place cannot be denied.

Confidentiality: That which is intended to be private will be kept private.

(2/3) Trapdoors: Functions that are easy to compute but difficult to invert are called one way functions. A subset of one way functions are trapdoor functions - the only difference being that trapdoor functions can be inverted as long as you have some special secret k. (What if we had Eve pretend to help A&B, but really she was offering them tricky software that her friend Mal created that has a trapdoor in it?)

(3) Cryptographic hash function:

Collision resistant: Given two inputs a and b, it is computationally expensive to find H(a) = H(b)

Preimage resistant: Given only the output of H(a), it is computationally infeasible to find a. Brute forcing (guessing every possible input) should be the only way to find it, which is expensive

Second-preimage resistant: Given a, one cannot find b such that H(a) = H(b).

(3) Hashes As Commitments: how can this example be incorporated into the story?

A writer who wants to copyright their manuscript on a certain date can publish a hash of their manuscript to the blockchain, where it gets timestamped. Should there be any dispute over the manuscript in the future, it would be very easy to verify whether the manuscript was hashed and signed on a certain day. It is also important to note that simply changing one letter in the manuscript, or even one bit in the input, should change a large portion of the bits in the output. Hash functions are mainly used for securing the integrity of information and thus also can act as unique identifiers. Since hash functions are deterministic, they are able to prove that certain pieces of information have not been tampered with. If information is tampered with, it will produce a different hash to the original version.

(2/3) Lamport Signatures: further emphasizes the concept of public keys as addresses and private keys as access, but furthers it by using it to prove things more like an account can post stuff on apps and social networks.

For Person A to sign a document, a hash value is produced from that document using a hash function. Person A uses the encryption key, which is kept hidden, to encrypt the hash value of the document to produce a cipher-text: E(H). For Digital Signing Algorithms (DSA), the encryption key is the private key that is kept a secret and the decryption key is the public key that is published into the open. Person A publishes the document and along with the E(H). Anyone can verify that person A has signed the document by hashing the document and then using Person A’s trusted and published decryption key to decrypt the cipher-text E(H) to produce the same hash of the document. If the document hashes match, then the signature is valid.

It would be really great to create a code example for this because as is it's a solid example, but a little handwavey on the details. "You can think of the decryption of the right hash as the signature itself. The successful decryption is proof it is never exposed but rather the key used for encryption. The uniquely transformed cipher-text is proof of signature." <= like wtf does that even mean? An example would clarify it immensely :)

Eve learns the dark arts of cryptanalysis and social engineering (HOW? She was traveling and one of her bags was lost for months. She needed to get back into her accounts but had no way to access the passwords and codes that were securely stored in her checked bag. Desperate, she tried everything and, with the help of her friend Mal, learned how to break into her own accounts. Thinking it through, she wondered if the same tactics could help her infultrate Alice and Bob's now super popular club?). Meanwhile Alice and Bob are enjoying their club so much that they get tired of doing all the work of checking and doing the protocol they implimented. Since Eve hasn't attacked in a while anyways, they oursource verification to Alice's little brother in exchange for a chocolate bar every other friday. Alice's mom is a strict vegan health nut so this is a big deal for her little brother.

Eve completely pwns Alice and Bob in various ways: first intercepting messages and using brute force attacks and cryptanalysis to uncover the secret messages (Alice's little brother was only told to follow the protocol, so Eve can just hangout and try guess after guess with no penalties lol), then by sending false information between club memeber to create drama and upset, and then by bribing Alice's little brother with a Snickers bar to give her access to the secret master keys.

Alice and Bob are forced to abandon the treehouse because it becomes untenable and overrun with field trips from CS schools warning students of the perrils of rolling your own crypto. They've think they've lost everything, but they still have each other.

Beginnings of code building on previous concepts in part 1, and expanding to impliment Eve's various attacks :)